cfg (control flow graph)dslab.konkuk.ac.kr/class/2011/11se/team/se_2nd/b12.pdf · basic blocks (bb)...

CFG (Control flow graph)

Class B T12

오지은 200814189 신승우 201011340 이종선 200811448

Introduction to CFG

Algorithm to construct Control Flow Graph

Q & A

Statement of Purpose

Introduction to CFG (1/17)

Control flow graphs are one technique to ensurethat computer programs work correctly.

Computer code is complicated and is worked and reworked before it is ready for final release.

There may be code that will never be executed and there may be code that will lead to loops from which you can never exit.

Control flow graphs are one way of finding thisbad code.

First the code is broken up into control blocks, then graphs — trees.

They are constructed to ensure that every block is reachable and that no block loops endlessly.

CFGs help ensure that software works correctly.


In a control flow graph each node in the graph represents a basic block, i.e. a straight-line piece of code without any jumps or jump targets.

Jump targets start a block, and jumps end a block.

Directed edges are used to represent jumps in the control flow.

There are, in most presentations, two specially designated blocks:the entry block, through which control enters into the flow graph, and the exit block, through which all control flow leaves.

The CFG is essential to many compiler optimizations and static analysis tools.

entry block

exit block


Consider the following fragment of code:

0: (A) t0 = read_num1: (A) if t0 mod 2 == 02: (B) print t0 + " is odd."3: (B) goto 54: (C) print t0 + " is even."5: (D) end program

In the above, we have 4 basic blocks:A from 0 to 1, B from 2 to 3, C at 4and D at 5. In particular, in this case,A is the "entry block", D the "exit block"and lines 4 and 5 are jump targets.A graph for this fragment has edgesfrom A to B, A to C, B to D and C to D.


Basic Blocks (BB)

Compilers usually decompose programs into their basic blocks as a first step in the analysis process. Basic blocks form the vertices or nodes in a control flow graph.

MeaningA group of instructions applied with same performing condition.

Definition1. one entry point, meaning no code within it is the destination of a

jump instruction anywhere in the program.

2. one exit point, meaning only the last instruction can cause the program to begin executing code in a different basic block.


A sequence of instructions forms a basic block

IFSequence while case


If statement

void if TestMethod (int a) {

if (a < 5) {

a = 5;}a= a*2;

}

start

a<5

a=a*2 a=5

end


If else statement

void if TestMethod (int a) {

if (a < 5) {

a = 5;}a= a*2;

}

start

a<5

a=5 a=10

end

a=a*2


Ternary operator

void ternaryTestMethod(int b, int a) {

b = (a<1) ? 2 : 3;}

start

a<1

2 3

end


For statement

void forTestMethod(int a){

for (a = 1; a < 20; ){

if (a > 10) {

break;}else {

a = a + 2;}

}a= a*2;

}

start

a<20a>10

Expr

end

Expr

Expr which is an abbreviation of very Long Expression Statements.


For statement - Tree to Graph model

Break forces the if node to connect to its parents next node.

After the if statement is completed the for node is executed again till false or break is encountered.

start

break

a=a*2

a=a+2

end

The for loop endsWithout breaks.

void forTestMethod(int a){

for (a = 1; a < 20; ){

if (a > 10) {

break;}

else {

a = a + 2;}

}a= a*2;

}

a<20

a>10


start

do

a>7 a<=10

end

Expr

Expr which is an abbreviation of very Long Expression Statements.

Do-while statement

Void doWhileTestMethod(int a) {do {

if (a > 7){

break;} else {

a = a + 2;}

} while (a <= 10);}


Do-while statement - Tree to Graph model

Void doWhileTestMethod(int a) {do {

if (a > 7){

break;} else {

a = a + 2;}

} while (a <= 10);}

Break forces the if node to connect to its parents next node.

Decisions are taken from the while node if there is no arbitrary jump like break or continue.

start

do

break

a<=10

a>7

a=a+2

end

Expression returnsTrue.


Switch case statement

void switchTestMethod(int a, int b, int c) {

switch (a) {case 1:

b = 2;case 2:

c = 3; break;case 3:

b = 1; c = 1;default:

a = 0; b = 0;c = 0;

}}

b=2

start

a

a=0

c=1

b=1 c=3

end

b=0

c=0


void tryCatchTestMethod(int b, int c, int t){try {mightThrowAnException(b);} catch (Exception e) {

b = 3;}

finally {t = b*3;

}c= 3;

}

start

Try

b=3

Expr

Expr

end

c=3

Try-catch statement


Try-catch statement - Tree to Graph model

Next node.

Decision is taken.

start

try

c=3

t=b*3

mcall()

b=3

end

Statement whichmight Throw Exception.

void tryCatchTestMethod(int b, int c, int t){try {mightThrowAnException(b);} catch (Exception e) {

b = 3;}

finally {t = b*3;

}c= 3;

}

-- The dotted lines represent the new connections added by the view algorithm.


Reachability

If a block/subgraph is not connected from the subgraph containing the entry block, that block is unreachable during any execution, and so is unreachable code; it can be safely removed.

If the exit block is unreachable from the entryblock, it indicates an infinite loop. Not all infinite loops are detectable, of course; see Halting problem.

Dead code and some infinite loops are possible.

Even if the programmer didn't explicitly code thatway: optimizations like constant propagation and constant folding followed by jump threading could collapse multiple basic blocks into one, cause edgesto be removed from a CFG, etc., thus possibly disconnecting parts of the graph.


Domination relationship Dominator(graph theory)

A block M dominates a block N if every pathfrom the entry that reaches block N has to passthrough block M. The entry block dominates allblocks.

In the reverse direction, block M postdominatesblock N if every path from N to the exit has to pass through block M. The exit block postdominates all blocks.

It is said that a block M immediately dominatesblock N if M dominates N, and there is no intervening block P such that M dominates P and Pdominates N. In other words, M is the lastdominator on all paths from entry to N.

Each block has a unique immediate dominator.

* The dominance frontier -entry, exit

* 6 dominates 2

Q & A

Introduction to CFG




Partition the code into a set of basic blocks

Source(Basic blocks)

Partition

Source (Instructions)

Source(Instruction)

Source (Instrutions)

Branch

Branch

Branch

Source(Instruction)

Branch

(1/10)

Look at the branches in the code and fill in the cfg’s edges to represent the flow of control


Source(Instruction)


Branch

Branch

Branch

Source(Instruction)

Branch

Fill edges


Source(Instruction)


Branch

Branch

Branch

Source(Instruction)

BranchIt represents the flow of control.

Algorithm to construct Control Flow Graph(2/10)

It’s a base Algorithm to construct CFG

.


block_list is list that includes set of blocks.


Source(Instruction)


Source(Instruction)

Block list

It start with block b in block_list.So it remove block b from block_list, and set branch_found variable false.

b

c d

e



Instruction iInstruction p

…

bInstruction i is branch?

→ branch_found = true→ countdown = 1(branch_latency)

Search a branch in each instructions this block.

D

We assume the target of i’s branch is ‘D’and i has one branch.




…

bInstruction p,countdown--;

Look a after instruction that has branches.



Continue to decrement the countdown variable until it reaches the zero (0) since branch is hidden as much as Branch Latency.

(6/10)


…

b

Split b at p

Instruction ib

b’ = remainder of b

And add b’ to block_list

Instruction p…

b’


It’s a case countdown variable is ‘zero’when it counts all branches.


Instruction ib

D

Instruction p…

b’

Block list

add edges from b to target of i

If b is conditional add edge to b’


It’s a case countdown variable is ‘zero’when it counts all branches.




If you do not find branch or do not reduce the number of branch found, draw the basic edge of the next of the block b.

(9/10)

a)

It’s a base Algorithm to construct dominate relations in CFG

a) Start node no only dominates itself, no

b) Node n dominates itself (n) and nodes that p dominates.(p is predecessor node of n)

b)


Q & A

Introduction to CFG



Statement of purpose

Control Flow Graph

Transfer Source code to Control Flow Graph.

The program detects and traces variables to indicates their flow.

A variable is indicated when it is assigned first time.

If a variable is assigned value, it is indicated by node of rectangle.

If a variable’s flow is split by condition, it is indicated by node of rhomboid.

Nodes of one same function are able to be presented by one node.


Introduction to CFG

Q & A


cfg (control flow graph)dslab.konkuk.ac.kr/class/2011/11se/team/se_2nd/b12.pdf · basic blocks (bb)...

Documents